I'm getting the error "The request was aborted: Could not create SSL/TLS secure channel." on a request being made to an HTTPS endpoint on Cloudflare.
Code:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var wc = new WebClient();
var json = wc.DownloadString("https://cloudflare.com");
Console.Write(json);
This is a commonly asked question on Stack Overflow, where setting the ServicePoint to TLS 1.2 fixes it. That fixes it for me locally. However, whenever I promote the code to the server, the error comes back (and I'm positive my code changes have been applied). If I remove the HTTPS and use HTTP, it works fine.
After tons of searching I found this KB: https://support.microsoft.com/en-us/kb/3109853 which I installed on Server1, and it did not fix the problem.
Anyone know what else to try? There must be something about the Server environment that is causing this. It's up to date on .NET fixes/security updates.
[WebException: The request was aborted: Could not create SSL/TLS secure channel.]
System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult) +823
System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar) +84
[HttpRequestException: An error occurred while sending the request.]
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +181
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +66
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +30
TrackerBase.Controllers.<Verify>d__0.MoveNext() +535
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +181
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +66
System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task) +30
lambda_method(Closure , Task ) +40
System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +76
System.Web.Mvc.Async.<>c__DisplayClass3f.<BeginInvokeAsynchronousActionMethod>b__3e(IAsyncResult asyncResult) +21
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass39.<BeginInvokeActionMethodWithFilters>b__33() +80
System.Web.Mvc.Async.<>c__DisplayClass4f.<InvokeActionMethodFilterAsynchronously>b__49() +386
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass2a.<BeginInvokeAction>b__20() +30
System.Web.Mvc.Async.<>c__DisplayClass25.<BeginInvokeAction>b__22(IAsyncResult asyncResult) +185
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +900
System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +1299
System.Web.Mvc.<>c__DisplayClass1d.<BeginExecuteCore>b__18(IAsyncResult asyncResult) +27
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +22
System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +43
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +22
System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
System.Web.Mvc.<>c__DisplayClass8.<BeginProcessRequest>b__3(IAsyncResult asyncResult) +42
System.Web.Mvc.Async.<>c__DisplayClass4.<MakeVoidDelegate>b__3(IAsyncResult ar) +22
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +18
There is no particular reason why that code should fail on Windows Server 2012; TLS is available and turned on by default (I tested your code sample on some fresh 2012 R2 boxes because I'm paranoid that way).
That means there is something about the configuration of your specific server that is stopping the connection from using TLS 1.2. Check the following things:
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. Are any protocols disabled (or even mentioned) outside SSL 2.0?
Schannel events after a failed connection event?
TLS 1.2, AES with 128 bit encryption (High)? If not, the browser decided to use a different protocol because TLS 1.2 was somehow not available on the client system.
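The registry and event-log checks listed in the answer above, as an added PowerShell example that is not part of the original post. The helper name Get-SchannelProtocolState and the 20-event limit are assumptions; run it on the server where the request fails.

```powershell
# Added example (not from the original post): show Schannel protocol overrides
# and recent Schannel events on the machine that makes the outbound request.
$SchannelProtocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param([string]$Path = $SchannelProtocols)

    # No Protocols key (or an empty one) means the OS defaults are in effect.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    foreach ($proto in Get-ChildItem -LiteralPath $Path) {
        foreach ($role in 'Client', 'Server') {
            $rolePath = Join-Path -Path $proto.PSPath -ChildPath $role
            if (-not (Test-Path -LiteralPath $rolePath)) { continue }

            $key     = Get-Item -LiteralPath $rolePath
            $enabled = $key.GetValue('Enabled', $null)
            $dbd     = $key.GetValue('DisabledByDefault', $null)

            [pscustomobject]@{
                Protocol          = $proto.PSChildName
                Role              = $role
                Enabled           = $enabled
                DisabledByDefault = $dbd
                # Enabled = 0 turns the protocol off for that role.
                TurnedOff         = ($null -ne $enabled -and $enabled -eq 0)
            }
        }
    }
}

$state = @(Get-SchannelProtocolState)
if ($state.Count -eq 0) {
    'No per-protocol overrides found under SCHANNEL\Protocols.'
} else {
    $state | Format-Table -AutoSize
    # The WebClient call is outbound, so the Client role of TLS 1.2 is the one that matters.
    $state |
        Where-Object { $_.Protocol -eq 'TLS 1.2' -and $_.Role -eq 'Client' -and $_.TurnedOff } |
        ForEach-Object { 'TLS 1.2 is disabled for the Client role on this machine.' }
}

# Schannel records handshake failures in the System event log.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message | Format-List
```

Any row other than SSL 2.0 in the table is an explicit override that someone or something applied to the server, which is what the answer asks you to look for.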